Card Verification Bug!

Hi @develooperr,

Nik here from SkyVerge support ?? Thanks for reaching out about our Braintree for WooCommerce plugin! Apologies for our delay getting back to you here, I’m happy to help!

First off, regarding the order status issue, this sounds like expected behavior based on the modifications you made. The plugin is still expecting the response from Braintree to contain confirmation for the newly stored card, so when this is missing (because the card was not stored) the order is placed on hold in WooCommerce. This prevents subscription orders from looking successful at first even though the renewal probably won’t be later since the card wasn’t stored.

I’d recommend removing these modifications so that the Vault will continue to work as expected.

As for the verification issue, Braintree’s documentation suggests that enabling Card Verification globally in the control panel will apply verification standards to all cards before they go into the Vault. My understanding is that this would include the use of the storeInVaultOnSuccess option.

Could you confirm with the Braintree team that Card Verification is configured on your account to apply to all transactions? And if so, why that isn’t being applied in this case?

Cheers!
Nik
SkyVerge

Hey @develooperr,

It has been a long time since we heard from you, so I’m going to mark this topic as resolved.

If you’re still experiencing issues please take a look at our documentation for more information and create a new thread if you have further questions.

Cheers,

Simon

@nikskyverge @simonskyverge

Hi Nik

Sorry for the delay

I spoke with Braintree support and they said Card Verification is enabled on our account, but if the storeInVaultOnSuccess parameter is turned on in the first transaction, after a successful transaction, the card will be added to Vualt without verification.

But when I disabled the storeInVaultOnSuccess parameter via the hook, the order was not processed properly

Would you please help?

I posted the image of the Braintree team : https://tinyimg.io/i/OFCDoN1.jpg

Hi @develooperr ,

Thanks for following up here! My turn to apologize for the delay getting back to you!

Thanks for sharing that message from Braintree as well! Based on that, it sounds like they do not run verification for cards that are added using the storeInVaultOnSuccess parameter as I had assumed. Their suggestion is that we run a separate verification first by attempting to add the card to the Vault directly (via creation API call) before processing the transaction itself.

A change like this is something we would have to re-write in our code, rather than something that you can change in the settings (or via hook), so I’ll need to follow up with our developers to get more insight on this.

Either they or I will be in touch with more information. Could you let me know if you have any other questions in the meantime?

Cheers,

Nik
SkyVerge

Hi @nikskyverge

Thank you

When do you think this problem will be solved? Can we wait for it in the next update?

Hey @develooperr

I’ve added this issue to our tracker for our team to investigate. While I don’t have an estimated time for resolution right now, please know that our team is now aware of the issue and will work to incorporate a fix into the plugin as soon as they can.

In the meantime, I noticed that your Braintree rep also mentioned enabling some of their basic fraud tools as part of the Card Verification features intended use. Could you let me know if you’ve been able to enable any of these tools and if you’ve seen any change in behavior from the gateway based on that?

Best,
Nik

Hi @nikskyverge

I hope you are fine

Is there any good news from your team?

We are still waiting for your team to find a solution to this problem and fix it in the next update.

Hearing good news from you makes us happy ??

Regards,
Ali

Hi Ali ( @develooperr ),

Thanks for checking back in on this!

I haven’t heard any updates on this just yet, so let me check in with a few of the folks involved to see where things stand.

Could you let me know if you were able to get any of those basic fraud rules enabled since we last spoke and if you’ve seen any change in behavior from the gateway based on that?

Talk soon!

Nik
SkyVerge

Hi Ali!

Following up on this, I heard back from our engineers today and they are looking to have this resolved within the next week or so.

Could you let me know if you have any other questions in the meantime, or if you had any luck with those fraud rules?

Cheers,
Nik

Hi Nik ( @nikskyverge )

We had two cases of fraud that tried to buy with fake / random cards and created many failed transactions.

We need to fix this problem to make sure all cards are verified on the first purchase

Regards,
Ali

• This reply was modified 3 years, 5 months ago by develooperr.

Hi @develooperr – I’m sorry to hear that you’re still experiencing issues with this. I’ve checked in with SkyVerge to see if we can get a status update.

In the meantime, have you been able to get any of those basic fraud rules enabled as previously suggested?

We’ll be in touch soon!

Hi @develooperr –

I’ve touched base with SkyVerge, and it doesn’t look like a fix for this was added to the Braintree extension yet. There is, however, a code snippet that was created to limit transaction attempts with the Moneris gateway that might be able to be leveraged to do the same for Braintree. You can find the snippet here.

<?php // only copy this line if needed

/**
 * Reject further transaction processing through the Moneris payment gateway if the order
 * has encountered too many successive transaction failures due to suspected fraud.
 * 
 * @param bool|array $result
 * @param int|string $order_id
 * @return bool|array
 */
add_filter( 'wc_payment_gateway_moneris_process_payment', function ( $result, $order_id ) {

    // bail if payment would fail anyway and return no payment method so do same
    if ( is_array( $result ) && isset( $result['result'] ) && 'failure' === $result['result'] ) {
        return $result;
    }

    // make sure WooCommerce session is initialized first
    if ( ! WC()->session ) {
        WC()->initialize_session();
    }

    $session_key = 'wc_moneris_order_' . $order_id . '_attempts_count';

    // set attempts count to 0 if not set before
    $attempts_count = absint( WC()->session->get( $session_key, 0 ) );
    $attempts_count++;

    // log attempt count
    wc_moneris()->log( &quot;Order number: {$order_id} | Attempts count: {$attempts_count}&quot; );

    // fail order if too many attempts
    if ( $attempts_count > 5 ) {
        return [
            'result'  => 'failure',
            'message' => 'Too many payment attempts!',
        ];
    }

    // update session value
    WC()->session->set( $session_key, $attempts_count );

    return $result;
}, 1, 2 );

I hope this helps!

Hi @laceyrod

Thank you for your response.

Because we don’t use WC Moneris, this code snippet is ineffective for us.

We request that you fix this problem as soon as possible because this is an important issue

Regards,
Ali

Hi @nikskyverge @laceyrod

Our development team is eager to help with this issue.

Do you have any suggestions on how we can solve this problem?

Is there anything we can do to help?

Regards,
Ali

Hello @develooperr,

Did you try the code snippet yet? The code was created to limit transaction attempts with the Moneris gateway but it should also do the same for Braintree.

Could you please try the snippet and confirm if that helps?

Thanks!